Members of the California State LegislatureState CapitolSacramento, CA 95814

Dear Senators and Assemblymembers:

Members of the California State LegislatureState CapitolSacramento, CA 95814

Dear Senators and Assemblymembers:

The undersigned organizations urge your support of legislation giving customers of financial institutions stronger rights of privacy over their customer information.

This is a critical time for California consumers. In 1999 Congress passed and the President signed the Financial Services Modernization Bill. This far-reaching law enables banks to become affiliated with insurance companies and brokerage firms. This law contains only the weakest of customer privacy provisions - requiring financial institutions to provide customers an opt-out opportunity before selling customer data to unaffiliated third parties.1

This new federal law says nothing about obtaining consent in order to share customer data with bank affiliates, leaving consumers with a huge privacy gap. For example, one's sensitive financial information could be shared with an affiliated insurance company or brokerage firm without consent. Not only would such disclosure expose consumers to unwanted solicitations, the affiliated companies might use the information to make unwarranted negative decisions about individuals who apply for insurance coverage or brokerage services.

You are deliberating on three important financial privacy bills this year: AB 1707, Assembly Member Sheila Kuehl; SB 1337, Senator Jackie Speier; and SB 1372, Senator Tim Leslie. These bills each give important rights of disclosure and consent to California consumers at a time when financial institutions have been granted unprecedented ability to sell and share sensitive customer data.

Our support of these measures is based on two key elements:

Opt-in. We are particularly supportive of the bills' requirements that financial institutions obtain their customers' affirmative consent (opt-in) before sharing customer information with affiliate companies and third parties. The only comprehensive way to protect the privacy of financial records is to ensure that consumers have ultimate control over uses of their personal information by others. The ability to make such decisions before any further uses are made of customer data is known as the right of opt-in.

Disclosure. In addition to offering customers the ability to affirmatively consent to affiliate and third party sharing, the bills require that financial institutions properly disclose their practices and policies regarding the sharing and sale of customer information. Disclosure is especially important in an environment where financial data may be shared with affiliated insurance companies and brokerage firms. As recent cases have shown (highlighted below), many consumers are vulnerable to deceptive business practices when the lines between industries are blurred. Confusion and harm can only be avoided with clearly written and prominently placed statements of information collection and sharing practices, along with explanations of how customers can assert their opt-in rights.

We do not want to underplay other important provisions in the three financial privacy bills, such as enforcement and consumer redress. But we wish to stress the vital importance of retaining strong opt-in and disclosure standards.

If the customers of financial institutions are not given such rights, extensive files of sensitive personal information could be compiled by combining customer data from all affiliated companies. Imagine the use a bank officer could make of insurance information regarding one's medical condition when considering whether or not to extend a loan to that individual. Further, imagine the harm that could befall bank customers who might be vulnerable to overinflated promises of handsome returns if they would transfer their savings to riskier investments with affiliated brokerage companies.

In fact, we have already seen such abuses.

In the recent Nations Bank case, customers were solicited by its affiliate Nations Securities; and many entered into risky investments only to see their life's savings shrink. The securities company used the customer information provided by the bank -- without obtaining the consent of bank customers -- in order to make such solicitations. Nations Bank was fined $6.75 million by the Securities and Exchange Commission.2

The Attorneys General of both Minnesota and New York have sued prominent U.S. banks for selling customer data to third parties without obtaining their consent. In the Minnesota case, customers were telemarketed by a firm that was able to directly debit their bank accounts for the services they purchased because U.S. Bancorp sold their account information to that company without obtaining its customers' consent.

We can only expect more such abuses in the present deregulated environment unless consumers have the ability to determine how their customer data can be shared, and if they are informed of the relationships among affiliated companies.

Fortunately, the federal Financial Services Modernization Act encourages states to pass legislation that is more protective of individual privacy. We urge your support of legislation that gives California consumers the right of opt-in regarding the sharing of their sensitive customer data with affiliates of financial institutions as well as third parties. Such legislation will fill the privacy gap left by the federal legislation.

Having a bank account is a necessity of modern life. Consumers must not be forced to sacrifice their privacy in order to use financial services. Rather, consumers want guarantees that their private financial information will remain both secure and private. Financial privacy legislation containing opt-in and disclosure standards is the only way to ensure that those guarantees are met. Californians deserve nothing less than the strongest of privacy protections for their financial records.

"Opt-out" means that financial institutions can share or sell customer information without their affirmative up-front consent. If customers do not tell the bank to refrain from selling their data, such sale will go on indefinitely.

In the recent Nations' Bank case, for example, bank customers -- many of them elderly, with their life's savings entrusted to the bank -- were solicited by the affiliated securities company without being properly informed of the risks involved. Many such individuals did not know they were dealing with an affiliate of the bank. And many incurred significant losses. (In the Matter of Nations Securities and Nations Bank, NA, File No. 3-9596, decided May 4, 1998.)